package com.example.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class IndexController {
    @GetMapping("/index")
    @PreAuthorize("hasAuthority('system:user:list')")
    public String index() {
        return "index";
    }

    @GetMapping("/authtest")
    @PreAuthorize("hasAuthority('test')")
    // 权限不足的时候抛出异常会被全局异常处理器处理，所以可以不需要实现AccessDeniedHandler
    public String authTest() {
        return "authTest";
    }

    // 自定义权限验证
    @GetMapping("/permissions")
    @PreAuthorize("@pe.checkPermissions('system:user:list')")
    public String permissions() {
        return "permissions";
    }

    @GetMapping("/permissions2")
    @PreAuthorize("@pe.checkPermissions('test')")
    public String permissions2() {
        return "permissions2";
    }
}
